On Sun, 2004-05-30 at 16:31, Mary Gardiner wrote: > On Sun, May 30, 2004, Jamie Wilkinson wrote: > > Why wouldn't postfix work with a firewall tweak and permit_mynetworks? > > I assume Jamie means a iptables rule along the lines of the redirection > one here: > > http://netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.2 > > If so, I agree that it should work. SMTP isn't as complex as HTTP, IIRC > clients behave exactly the same way whether they're talking to the end > server or an intermediate relay, so you should just be able to silently > reroute all outgoing packets for port 25 to the mail server's port 25 > and the clients will be none the wiser.
Except for: Authenticated outgoing sessions. (required to support SPF in combination with permitting relay from the SPF hosts by authentication). Encrypted (TLS) outgoing sessions. (Often used in combination with the former point, for privacy on internal-to-a-entity mail). Once again. If you don't want someone doing something, reject the packet with 'administratively down' as the ICMP error. Rob -- GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
